Detailed Action
Response to Arguments 

Applicant's amendments will be treated below. As there are no new arguments presented, the 
previous action's responses to arguments are presented again below since they are referred to in 
the current office action. 

Applicant's arguments filed 4/10/08 have been fully considered but they are not persuasive. 
Applicant argues the following: 

a) "Access by the user are not signed by specifying token 90 and business rules. To the contrary, 
the system of the '527 publication tracks user access by maintaining records of each 
authentication. The authentication refers to the user's credentials, which include, for example, 
biometric information submitted by the user. The user's credentials are not the token 90 or the 
business rules."

Examiner respectfully disagrees. Examiner relies on the token to represent the claimed 
"user signature" and "role signature". The token includes the user's login name and the user's role which
is equated to user and role signature respectively (paragraph 34). As can be seen in paragraphs 
34 and 35 of the reference, the token is stored by the secure server so that the user can eliminate 
the need to authenticate with the server each time he wishes to access information on the server. 
Therefore, it is clear that a record of at least the first time the token is submitted is stored. The 
storing of this access transaction is interpreted as being analogous to the signing of an access 
operation. The cited passage wherein applicant cites that the reference teaches tracking user 
access by maintaining user records of each authentication is an optional embodiment of the 
invention and further is not relied upon in examiner's rejection. This argument is considered to be 
moot. 
Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-41 are rejected under 35 U.S.C. 102(b) as being anticipated by 

Khidekel (US PGP No. 20010027527). 

As per claims 1, 9, 16, 29 and 40, Khidekel teaches:

A method for signing access operations to electronic data, comprising: 

performing a security check upon each access operation in order to ascertain the identity of a 
user; 

[see paragraph 0029] "The user can be authenticated based on the user's credentials" 
[see paragraph 35, wherein upon receiving the token, the secure server validates the 
token by comparing the difference between the current time and the authentication time 
to the predefined threshold to make sure a duration of time has not expired. It is clear 
from this that each access operation must be logged and a security check performed 
because if each access is not logged, there would be an error in the duration of time 
since the last access operation that was not logged.]

assigning a user signature, identifying the user, on the basis of the performed security check 
without being viewable by the user; 

[see paragraph 0034] "Token" 

assigning at least one role signature, each role signature being assignable to a plurality of users,
on the basis of the performed security check without being viewable by the user; and 

[see paragraph 0039] ". . . business rules that indicate which users are authorized to take 
various types of actions..." 

signing each access operation to electronic data by specifying the user signature and the role 
signature; and 

[see paragraph 0034-0035] see explanation above in Response to Arguments. 

recording each access operation and the user signature and the at least one role signature 
specified for each access operation. 

[see above explanation for why each access operation is logged.] 
As per claims 2, 10, and 30, Khidekel teaches:

The method as claimed in claim 1, wherein the security check involves biometric data from the
user being ascertained. 

[see paragraph 0029] 

As per claims 3, 11, 17, 23, and 31, Khidekel teaches: 

The method as claimed in claim 1, wherein the security check involves reading at least one of an
electronic and mechanical key. 

[see paragraph 0029, "smartcard"] 

As per claims 4, 12, 18, 19, 24, 25, and 32, Khidekel teaches: 

The method as claimed in claim 1, wherein the user signature to be assigned is ascertainable on
the basis of the data ascertained in the security check, by checking a user signature memory. 

[see paragraph 0026, "database 24"]

As per claims 5, 13, 20, 21, 26, 27, and 33, Khidekel teaches: 

The method as claimed in claim 1, wherein the role signature to be assigned is ascertainable on
the basis of the data ascertained in the security check, by checking a role signature memory. 

[see paragraph 0026, "database 24"]

As per claims 6, 14, 22, 28, 34, and 35, Khidekel teaches: 

The method as claimed in claim 4, wherein the user signature memory is checked using a data 
telecommunication link. 

[see paragraph 0028, "communications can be sent over a secure socket layer"] 

As per claim 7, Khidekel teaches: 

The method as claimed in claim 1, wherein one user is assignable a plurality of role signatures
simultaneously. 

[see paragraph 0039, wherein specified physicians may be permitted to view patient 
records as well as modify them while administrative staff may only view patient records] 

As per claims 8, 15, and 36, Khidekel teaches: 

The method as claimed in claim 1, wherein the data are medically relevant, wherein the users are
medical specialist personnel, and wherein the roles are formed in line with the workgroups within 
the medical specialist personnel. 

[see paragraph 0025] 
As per claims 37, 38, 39, 42, Khidekel teaches:

The method as claimed in claim 1, wherein each access operation and the user signature and the
at least one role signature specified for each access operation are recorded in an audit memory. 

[see paragraph 8, "Each time the user is authenticated, a time-stamped record can be 
stored. Encryption can be used to enhance security. User profiles, user credentials and 
time-stamped records can be stored in encrypted form in a database."]

As per claim 41, Khidekel teaches: 

The method as claimed in claim 40, wherein an access operation can be reconstructed by 
specifying at least one of the user's former and current role signatures. 

[see paragraph 41, resubmit credentials for re-authentication.]

POINTS OF CONTACT 

*. Any response to this Office Action should be faxed to (571) 273-8300 or mailed to:

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

*. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner 
can normally be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/Daniel L. Hoang/ 
Examiner, Art Unit 2436 



/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2436 



